chromium,chromedriver,electron: use hash instead of sha256 everywhere
this patch updates the packaging of chromium and chromedriver to use sri hashes in `upstream-info.nix` instead of sha256 as well as the packaging of electron to use sri hashes in `info.json` instead of sha256 (just gn). this patch also updates the previous `sha256` values in `upstream-info.nix` and `info.json` to sri hashes in `hash`.
This commit is contained in:
parent
6e4796d619
commit
e2523b4ca0
|
@ -67,16 +67,16 @@ let
|
|||
]);
|
||||
clangFormatPython3 = fetchurl {
|
||||
url = "https://chromium.googlesource.com/chromium/tools/build/+/e77882e0dde52c2ccf33c5570929b75b4a2a2522/recipes/recipe_modules/chromium/resources/clang-format?format=TEXT";
|
||||
sha256 = "0ic3hn65dimgfhakli1cyf9j3cxcqsf1qib706ihfhmlzxf7256l";
|
||||
hash = "sha256-1BRxXP+0QgejAWdFHJzGrLMhk/MsRDoVdK/GVoyFg0U=";
|
||||
};
|
||||
|
||||
# The additional attributes for creating derivations based on the chromium
|
||||
# source tree.
|
||||
extraAttrs = buildFun base;
|
||||
|
||||
githubPatch = { commit, sha256, revert ? false }: fetchpatch {
|
||||
githubPatch = { commit, hash, revert ? false }: fetchpatch {
|
||||
url = "https://github.com/chromium/chromium/commit/${commit}.patch";
|
||||
inherit sha256 revert;
|
||||
inherit hash revert;
|
||||
};
|
||||
|
||||
mkGnFlags =
|
||||
|
@ -118,7 +118,7 @@ let
|
|||
libExecPath = "$out/libexec/${packageName}";
|
||||
|
||||
ungoogler = ungoogled-chromium {
|
||||
inherit (upstream-info.deps.ungoogled-patches) rev sha256;
|
||||
inherit (upstream-info.deps.ungoogled-patches) rev hash;
|
||||
};
|
||||
|
||||
# There currently isn't a (much) more concise way to get a stdenv
|
||||
|
@ -148,10 +148,10 @@ let
|
|||
else throw "no chromium Rosetta Stone entry for os: ${platform.config}";
|
||||
};
|
||||
|
||||
recompressTarball = { version, sha256 ? "" }: fetchzip {
|
||||
recompressTarball = { version, hash ? "" }: fetchzip {
|
||||
name = "chromium-${version}.tar.zstd";
|
||||
url = "https://commondatastorage.googleapis.com/chromium-browser-official/chromium-${version}.tar.xz";
|
||||
inherit sha256;
|
||||
inherit hash;
|
||||
|
||||
nativeBuildInputs = [ zstd ];
|
||||
|
||||
|
@ -180,7 +180,7 @@ let
|
|||
inherit (upstream-info) version;
|
||||
inherit packageName buildType buildPath;
|
||||
|
||||
src = recompressTarball { inherit version; inherit (upstream-info) sha256; };
|
||||
src = recompressTarball { inherit version; inherit (upstream-info) hash; };
|
||||
|
||||
nativeBuildInputs = [
|
||||
ninja pkg-config
|
||||
|
@ -250,7 +250,7 @@ let
|
|||
(githubPatch {
|
||||
# Reland [clang] Disable autoupgrading debug info in ThinLTO builds
|
||||
commit = "54969766fd2029c506befc46e9ce14d67c7ed02a";
|
||||
sha256 = "sha256-Vryjg8kyn3cxWg3PmSwYRG6zrHOqYWBMSdEMGiaPg6M=";
|
||||
hash = "sha256-Vryjg8kyn3cxWg3PmSwYRG6zrHOqYWBMSdEMGiaPg6M=";
|
||||
revert = true;
|
||||
})
|
||||
];
|
||||
|
|
|
@ -57,7 +57,7 @@ let
|
|||
gnChromium = buildPackages.gn.overrideAttrs (oldAttrs: {
|
||||
inherit (upstream-info.deps.gn) version;
|
||||
src = fetchgit {
|
||||
inherit (upstream-info.deps.gn) url rev sha256;
|
||||
inherit (upstream-info.deps.gn) url rev hash;
|
||||
};
|
||||
});
|
||||
});
|
||||
|
@ -80,12 +80,12 @@ let
|
|||
chromeSrc =
|
||||
let
|
||||
# Use the latest stable Chrome version if necessary:
|
||||
version = if chromium.upstream-info.sha256bin64 != null
|
||||
version = if chromium.upstream-info.hash_deb_amd64 != null
|
||||
then chromium.upstream-info.version
|
||||
else (import ./upstream-info.nix).stable.version;
|
||||
sha256 = if chromium.upstream-info.sha256bin64 != null
|
||||
then chromium.upstream-info.sha256bin64
|
||||
else (import ./upstream-info.nix).stable.sha256bin64;
|
||||
hash = if chromium.upstream-info.hash_deb_amd64 != null
|
||||
then chromium.upstream-info.hash_deb_amd64
|
||||
else (import ./upstream-info.nix).stable.hash_deb_amd64;
|
||||
in fetchurl {
|
||||
urls = map (repo: "${repo}/${pkgName}/${pkgName}_${version}-1_amd64.deb") [
|
||||
"https://dl.google.com/linux/chrome/deb/pool/main/g"
|
||||
|
@ -93,7 +93,7 @@ let
|
|||
"http://mirror.pcbeta.com/google/chrome/deb/pool/main/g"
|
||||
"http://repo.fdzh.org/chrome/deb/pool/main/g"
|
||||
];
|
||||
inherit sha256;
|
||||
inherit hash;
|
||||
};
|
||||
|
||||
mkrpath = p: "${lib.makeSearchPathOutput "lib" "lib64" p}:${lib.makeLibraryPath p}";
|
||||
|
|
|
@ -6,10 +6,10 @@
|
|||
}:
|
||||
|
||||
{ rev
|
||||
, sha256
|
||||
, hash
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
stdenv.mkDerivation {
|
||||
pname = "ungoogled-chromium";
|
||||
|
||||
version = rev;
|
||||
|
@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
|
|||
src = fetchFromGitHub {
|
||||
owner = "ungoogled-software";
|
||||
repo = "ungoogled-chromium";
|
||||
inherit rev sha256;
|
||||
inherit rev hash;
|
||||
};
|
||||
|
||||
dontBuild = true;
|
||||
|
|
|
@ -3,63 +3,63 @@
|
|||
deps = {
|
||||
gn = {
|
||||
rev = "811d332bd90551342c5cbd39e133aa276022d7f8";
|
||||
sha256 = "0jlg3d31p346na6a3yk0x29pm6b7q03ck423n5n6mi8nv4ybwajq";
|
||||
hash = "sha256-WCq+PNkWxWpssUOQyQbAZ5l6k+hg+qGMsoaMG0Ybj0o=";
|
||||
url = "https://gn.googlesource.com/gn";
|
||||
version = "2023-08-01";
|
||||
};
|
||||
};
|
||||
sha256 = "0c3adrrgpnhm8g1546ask9pf17qj1sjgb950mj0rv4snxvddi75j";
|
||||
sha256bin64 = "11w1di146mjb9ql30df9yk9x4b9amc6514jzyfbf09mqsrw88dvr";
|
||||
hash = "sha256-spzY2u5Wk52BrKCk9aQOEp/gbppaGVLCQxXa+3JuajA=";
|
||||
hash_deb_amd64 = "sha256-eTeEeNa4JuCW81+SUAyrKi3S0/TJNTAoTktWQ0JsgYc=";
|
||||
version = "117.0.5938.22";
|
||||
};
|
||||
dev = {
|
||||
deps = {
|
||||
gn = {
|
||||
rev = "cc56a0f98bb34accd5323316e0292575ff17a5d4";
|
||||
sha256 = "1ly7z48v147bfdb1kqkbc98myxpgqq3g6vgr8bjx1ikrk17l82ab";
|
||||
hash = "sha256-SwlET5h5xtDlQvlt8wbG73ZfUWJr4hlWc+uQsBH5x9M=";
|
||||
url = "https://gn.googlesource.com/gn";
|
||||
version = "2023-08-10";
|
||||
};
|
||||
};
|
||||
sha256 = "16dq27lsywrn2xlgr5g46gdv15p30sihfamli4vkv3zxzfxdjisv";
|
||||
sha256bin64 = "11y09hsy7y1vg65xfilq44ffsmn15dqy80fa57psj1kin4a52v2x";
|
||||
hash = "sha256-W0fZuvv9jz03ibQqB6MG45aw2zPklfxoFzZzr+kRuJk=";
|
||||
hash_deb_amd64 = "sha256-XWxRFLFxBqnvKcoB5HErwVbtHCGYRteLeTv44zVMwIc=";
|
||||
version = "118.0.5966.0";
|
||||
};
|
||||
stable = {
|
||||
chromedriver = {
|
||||
sha256_darwin = "0y973bs4dbdrl152bfiq5avsp6h27j3v1kwgcgxk1d0g293322xs";
|
||||
sha256_darwin_aarch64 =
|
||||
"04qrhr52qc9rhmslgsh2yymsix9cv32g39xbpf8576scihfdngv8";
|
||||
sha256_linux = "1hy3s6j20h03ria033kfxd3rq259davvpjny4gpvznzklns71vi1";
|
||||
hash_darwin = "sha256-ugsxRhIPtDD7Y4/PsIc8Apqrtyo4uiVKoLmtRvQaJ3k=";
|
||||
hash_darwin_aarch64 =
|
||||
"sha256-aD/bHIxMm1OQu6un8cTYLPWoq/cC6kd1hTkxLEqGGRM=";
|
||||
hash_linux = "sha256-Ie5wtKXz27/vI97Ku7dqqQicR+tujgFUzANAIKTRw8M=";
|
||||
version = "118.0.5993.70";
|
||||
};
|
||||
deps = {
|
||||
gn = {
|
||||
rev = "cc56a0f98bb34accd5323316e0292575ff17a5d4";
|
||||
sha256 = "1ly7z48v147bfdb1kqkbc98myxpgqq3g6vgr8bjx1ikrk17l82ab";
|
||||
hash = "sha256-SwlET5h5xtDlQvlt8wbG73ZfUWJr4hlWc+uQsBH5x9M=";
|
||||
url = "https://gn.googlesource.com/gn";
|
||||
version = "2023-08-10";
|
||||
};
|
||||
};
|
||||
sha256 = "sha256-CTkw92TiRD2tkYu5a5dy8fjpR2MMOMCvcbxXhJ36Bp8=";
|
||||
sha256bin64 = "06rbsjh4khhl408181ns5nsdwasklb277fdjfajdv5h1j9a190k3";
|
||||
hash = "sha256-CTkw92TiRD2tkYu5a5dy8fjpR2MMOMCvcbxXhJ36Bp8=";
|
||||
hash_deb_amd64 = "sha256-Y4IUVJIBlt2kcrK5c8SiUyvetC3aBhQQIBTCSaDUKxs=";
|
||||
version = "118.0.5993.88";
|
||||
};
|
||||
ungoogled-chromium = {
|
||||
deps = {
|
||||
gn = {
|
||||
rev = "cc56a0f98bb34accd5323316e0292575ff17a5d4";
|
||||
sha256 = "1ly7z48v147bfdb1kqkbc98myxpgqq3g6vgr8bjx1ikrk17l82ab";
|
||||
hash = "sha256-SwlET5h5xtDlQvlt8wbG73ZfUWJr4hlWc+uQsBH5x9M=";
|
||||
url = "https://gn.googlesource.com/gn";
|
||||
version = "2023-08-10";
|
||||
};
|
||||
ungoogled-patches = {
|
||||
rev = "118.0.5993.88-1";
|
||||
sha256 = "17j47d64l97ascp85h8cnfnr5wr4va3bdk95wmagqss7ym5c7zsf";
|
||||
hash = "sha256-Tv/DSvVHa/xU5SXNtobaJPOSrbMMwYIu0+okSkw7RJ4=";
|
||||
};
|
||||
};
|
||||
sha256 = "sha256-CTkw92TiRD2tkYu5a5dy8fjpR2MMOMCvcbxXhJ36Bp8=";
|
||||
sha256bin64 = "06rbsjh4khhl408181ns5nsdwasklb277fdjfajdv5h1j9a190k3";
|
||||
hash = "sha256-CTkw92TiRD2tkYu5a5dy8fjpR2MMOMCvcbxXhJ36Bp8=";
|
||||
hash_deb_amd64 = "sha256-Y4IUVJIBlt2kcrK5c8SiUyvetC3aBhQQIBTCSaDUKxs=";
|
||||
version = "118.0.5993.88";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -884,7 +884,7 @@
|
|||
"version": "2023-09-12",
|
||||
"url": "https://gn.googlesource.com/gn",
|
||||
"rev": "991530ce394efb58fcd848195469022fa17ae126",
|
||||
"sha256": "1zpbaspb2mncbsabps8n1iwzc67nhr79ndc9dnqxx1w1qfvaldg2"
|
||||
"hash": "sha256-4jWqtsOBh96xbYk1m06G9hj2eQwW6buUXsxWsa5W6/4="
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -1776,7 +1776,7 @@
|
|||
"version": "2023-08-10",
|
||||
"url": "https://gn.googlesource.com/gn",
|
||||
"rev": "cc56a0f98bb34accd5323316e0292575ff17a5d4",
|
||||
"sha256": "1ly7z48v147bfdb1kqkbc98myxpgqq3g6vgr8bjx1ikrk17l82ab"
|
||||
"hash": "sha256-SwlET5h5xtDlQvlt8wbG73ZfUWJr4hlWc+uQsBH5x9M="
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -2620,7 +2620,7 @@
|
|||
"version": "2023-06-09",
|
||||
"url": "https://gn.googlesource.com/gn",
|
||||
"rev": "4bd1a77e67958fb7f6739bd4542641646f264e5d",
|
||||
"sha256": "14h9jqspb86sl5lhh6q0kk2rwa9zcak63f8drp7kb3r4dx08vzsw"
|
||||
"hash": "sha256-XP+NQG8kjzXPzQ25YaZiPymexZwAGwhpodqgdTWWCZI="
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -3440,7 +3440,7 @@
|
|||
"version": "2023-04-19",
|
||||
"url": "https://gn.googlesource.com/gn",
|
||||
"rev": "5a004f9427a050c6c393c07ddb85cba8ff3849fa",
|
||||
"sha256": "01xrh9m9m6x8lz0vxwdw2mrhrvnw93zpg09hwdhqakj06agf4jjk"
|
||||
"hash": "sha256-U0rinjJAToVh4zCBd/9I3O4McxW88b7Bp6ibmmqCuQc="
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
|
@ -10,17 +10,17 @@ let
|
|||
allSpecs = {
|
||||
x86_64-linux = {
|
||||
system = "linux64";
|
||||
sha256 = upstream-info.sha256_linux;
|
||||
hash = upstream-info.hash_linux;
|
||||
};
|
||||
|
||||
x86_64-darwin = {
|
||||
system = "mac-x64";
|
||||
sha256 = upstream-info.sha256_darwin;
|
||||
hash = upstream-info.hash_darwin;
|
||||
};
|
||||
|
||||
aarch64-darwin = {
|
||||
system = "mac-arm64";
|
||||
sha256 = upstream-info.sha256_darwin_aarch64;
|
||||
hash = upstream-info.hash_darwin_aarch64;
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -42,7 +42,7 @@ in stdenv.mkDerivation rec {
|
|||
|
||||
src = fetchurl {
|
||||
url = "https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/${version}/${spec.system}/chromedriver-${spec.system}.zip";
|
||||
sha256 = spec.sha256;
|
||||
hash = spec.hash;
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ unzip makeWrapper ];
|
||||
|
|
Loading…
Reference in New Issue
Block a user